CVE-2017-16711 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16711): The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
@Maintainers could you please confirm if we are affected? If that's the case please let us know when tree is clean. Thank you
CVE-2017-16794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16794): The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. CVE-2017-16793 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16793): The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
CVE-2017-16797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16797): In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. CVE-2017-16796 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16796): In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1d6b78e63660d748d81395bb01c5c63d553cf37 commit b1d6b78e63660d748d81395bb01c5c63d553cf37 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2019-03-29 23:49:20 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2019-03-29 23:49:20 +0000 package.mask: Last-rite media-gfx/swftools * Multiple outstanding security vulnerabilities * No upstream releases in years * Maintainers have not patched Bug: https://bugs.gentoo.org/617252 Bug: https://bugs.gentoo.org/635208 Bug: https://bugs.gentoo.org/637172 Bug: https://bugs.gentoo.org/650888 Signed-off-by: Aaron Bauman <bman@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32edfe461d949f5b809fefe51e0248c2c27f53b4 commit 32edfe461d949f5b809fefe51e0248c2c27f53b4 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-04-28 20:01:03 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-04-28 20:02:33 +0000 media-gfx/swftools: Remove last-rited pkg Bug: https://bugs.gentoo.org/650888 Bug: https://bugs.gentoo.org/637172 Bug: https://bugs.gentoo.org/635208 Bug: https://bugs.gentoo.org/617252 Signed-off-by: Michał Górny <mgorny@gentoo.org> media-gfx/swftools/Manifest | 1 - .../swftools/files/swftools-0.9.2-jpeg-9.patch | 17 ----- .../swftools/files/swftools-0.9.2_general.patch | 28 ------- .../swftools/files/swftools-0.9.2_giflib.patch | 89 ---------------------- .../swftools/files/swftools-0.9.2_giflib5.patch | 26 ------- .../swftools/files/swftools-0.9.2_nopdf.patch | 40 ---------- media-gfx/swftools/metadata.xml | 5 -- media-gfx/swftools/swftools-0.9.2-r1.ebuild | 48 ------------ profiles/package.mask | 6 -- 9 files changed, 260 deletions(-)
